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(54) Conditional access system and smartcard allowing such access 



(57) The invention relates to a conditional access 
system allowing a service provider to supply services 
only to those users who have acquired entitlements to 
these services. 

The services supplied by a service provider consist 
of an item scrambled by control words. In order to keep 
the control words secret, they are supplied alter having 



been encrypted with an algorithm with key K. 

The entitlements of each user are forwarded in 
messages commonly denoted EMM (the abbreviation 
EMM standing tor "Entitlement Management Messag- 
es"). 

According to the invention, the key K of the control 
words encryption algorithm is contained in the EMMs. 
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Description 

The present invention relates to a conditional ac- 
cess system. 

A conditional access system allows a service pro- 
vider to supply services only to those users who have 
acquired entitlements to these services. Such is the 
case : tor example, for pay television systems. 

As is known to those skilled in the art, the service 
supplied by a service provider consists of an item scram- 
bled by control words. The scrambled item can only be 
desc rambled, and hence read by the user, at the level 
of the entitlements allocated to this user. The scrambled 
item will hereafter be denoted I E(ECG), where ECG rep- 
resents the unscrambled item (the abbreviation ECG 
standing for "Electronically Coded Good"). 

I n order to desc ramble the item, the service provider 
supplies each user with the control words which served 
tor scrambling the item. To keep the control words se- 
cret, they are supplied after having been enciphered 
with an algorithm with key K. The various enciphered 
control words are forwarded to the various users in mes- 
sages commonly denoted ECM {the abbreviation ECM 
standing for 'Entitlement Control Messages'). 

In order to grant access to his service only to au- 
thorized users ak>ne : the service provider supplies a 
smartcard and a decoder to each of the users. 

The smartcard makes it possible, on the one hand, 
to validate and record the entitlements which the user 
has to the service delivered and, on the other hand, to 
decipher, with the aid of the key K, the enciphered con- 
trol words. For this purpose, the smartcard therefore 
contains the key K of the algorithm which allowed enci- 
pherment of the control words. 

The decoder, for its part, makes it possible to de- 
scramble the scrambled item on the basis of the item 
consisting of the deciphered control words emanating 
from the smartcard. 

The entitlements of each user are forwarded in 
messages commonly denoted EMM (the abbreviation 
EMM standing for 'Entitlement Management Messag- 
es"). 

According to the known art, the EMM dedicated to 
a user contains three main items: 

a first item giving the address of the user's card; 
a second item giving the descriptbn of the user's 
entitlements; 

a third item making it possible to validate the EMM 
and to verify that the user's entitlements contained 
in the EMM are indeed the entitlements reserved 
for the user. 

When a user's decoder recognizes the address of 
the card associated with him from among the various 
addresses dispensed by the service provider, the EMM 
corresponding to the recognized address is analysed. 
The analysis of the EMM is performed with the aid of an 



analysis algorithm which depends on the key K for en- 
ciphering the control words. 

The key K of the algorithm for enciphering the con- 
trol words is contained in each user card. It follows that 

5 piracy in relation to a single card may lead to the ascer- 
taining of the key K. Illicit user entitlements may then be 
created and recorded on all the other cards supplied by 
the service provider and containing the same key K. It 
is also possible to copy over onto these other cards the 

10 user entitlements contained in the pirated card. The 
service supplied by the provider is then no longer pro- 
tected. 

In order to alleviate these drawbacks, it is known for 
the service provider to modify, at regular time intervals. 
'5 the key of the algorithm for enciphering the control 
words. The service provider must then supply each user 
with a new card containing a new key K. 

This represents a drawback, especially in terms of 
costs, since the number of user cards is often very high. 
20 This number may in fact frequently reach several hun- 
dred thousand, or even several million. 

The invention does not have this drawback. 

The present invention relates to a novel conditional 
access system. More particularly, the invention relates 
2S to a novel definition of the EM Ms as well as to a novel 
definition of the various functions contained in the user 
card. 

Thus, the invention relates to a message (EMM) 
making it possible to define the entitlements which a us- 
30 er possesses to a service consisting of an item scram- 
bled with the aid of control words, the control words be- 
ing supplied to the user after having been enciphered 
by an algorithm with key K, the message (EMM) con- 
taining an item making it possible to validate this mes- 
as sage and to verify that the entitlements which the latter 
contains are the entitlements reserved for the user. The 
message (EMM) contains the key K of the algorithm for 
enciphering the control words. 

The invention also relates to a process making it 
40 possible to desc ramble a scrambled service supplied to 
at least one user, the said service being scrambled with 
the aid of control words, the said process comprising a 
step making it possible to supply the user with a first 
message (ECM) containing at least one control word en- 
46 ciphered with an algorithm with key K, a step making it 
possible to supply the user with a second message 
(E MM) containing the entitlements of the user and a step 
making it possible to validate and verify that the entitle- 
ments contained in the second message (EMM) are the 
so entitlements reserved for the user. The key K is dis- 
pensed to the user in the second message (EMM). 

The invention also relates to a smartcard making it 
possible to decipher the enciphered control words which 
it receives, the control words being enciphered by an 
ss algorithm with key K ( and making it possible, after deci- 
phering, to descramble a scrambled service, the card 
comprising a circuit tor validating the entitlements of the 
user containing a first control key making it possible to 
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control the validation of the entitlements ol the user and 
a circuit for validating the access conditions associated 
with the service, the circuit for validating the access con- 
ditions containing a second control key. The first control 
key is different from the key K. According to the pre- 
ferred embodiment of the invention the first control key 
is a key individual to the card and hence different from 
one card to another. 

The invention further relates to a conditional access 
system allowing a service provider to supply services 
only to the users who have acquired entitlements to 
these services, the said services consisting of an item 
scrambled by control words, the said system compris- 
ing, for each user, at least one decoder and at least one 
user card, the said card containing, on the one hand, 
circuits making it possible to validate and record the en- 
titlements of the user to the service delivered by the pro- 
vider the said entitlements being conveyed to the user 
card by a first message (EMM) and, on the other hand, 
circuits making jt possible to retrieve the control words 
from the enciphered control words by an algorithm with 
key K, the said enciphered control words being con- 
veyed to the user card by a second message (ECM). 
The user card is a card such as that according to the 
abovementioned invention and the first message (EMM) 
is a message making it possible to define the entitle- 
ments possessed by the user such as thai according to 
the abovementioned invention. 

An advantage of the invention is considerably to 
strengthen the protection of the services supplied by the 
provider Piracy in relation to one or more user cards 
then offers practically no benefit to a would-be pirate any 
more. 

Other characteristics and advantages of the inven- 
tion will emerge on reading a preferred embodiment giv- 
en with reference to the appended figures in which: 

Figures 1a and 1b represent respectively a first and 
a second EMM format according to the prior art; 
Figure 2 represents the format of an ECM according 
to the prior art; 

Figure 3 represents the schematic of a user card 
according to the prior art; 

Figures 4a and 4b represent respectively a first 
EMM format and a second EMM format according 
to the invention; 

Figure 5 represents the schematic of a user card 
according to the invention. 

In all the figures, the same labels designate the 
same elements. 

Figure la represents a first EMM format according 
to the prior art. 

The EMM represented in Figure la is composed of 
a body Cla containing the three main items mentioned 
earlier, and of a header 4, the content of which (H1) 
gives, among other things, the type and size of the items 
contained in the body Cla. 
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The body Cla consists of a first item 1 containing 
the address (AD) ot the user's card, of a second item 2 
containing a description of the user's entitlements, and 
of a third item 3 containing a cue HASH K . The cue 
5 HASH K depends on the key K and makes it possible to 
perform the analysis of the EMM mentioned earlier. 

Figure 1 b represents a second EMM format accord- 
ing to the prior art. 

The EMM consists ot a header4 and of a body Clb. 
w The body C1b consists of the items 5 and 6 contain- 
ing respectively the address AD of the user card and the 
description of the user's entitlements enciphered with 
the algorithm with key K and relating to the address AD 
(E(user's entittements) K-AD ). According tothis EMM f or- 
is rnat, the validation and verification of the entitlements 
contained in the EMM are performed by the operation 
ot deciphering the enciphered entitlements. 

Figure 2 represents the format of an ECM according 
to the prior art. 

20 The ECM consists of a body C2 and of a header 7, 
the content (H2) of which gives, among other things, the 
type and size of the items contained in the body C2. 

The body C2 comprises, among other things, a first 
item 8 containing the set of access conditions associat- 
es ed with the service supplied by the service provider, a 
second item 9 containing a control word Cwi enciphered 
with the algorithm with key K (E(Cwi) K ) and a third item 
1 0 containing a cue H ASH K depending on the key K and 
making it possible to validate and verify the content of 

30 the access conditions. The control word Cwi represents 
the current control word, that is to say the control word 
making it possible to descramble that part of the pro- 
gram which is currently being read. 

As is known to those skilled in the art, generally the 

35 ECM which contains Cwi also contains a second control 
word. This second control word is the control word of 
the next descrambling period, that is to say the current 
control word of the ECM which has to lollow the ECM 
which conlains Cwi as current control word. This second 

40 control word has not been represented in Figure 2 so as 
not to fruitlessly encumber the drawing. 

As is known to those skilled in the art, the EC Ms are 
forwarded by the service provider together with the 
scrambled item IE(ECG). 

45 The ECM format described in Figure 2 is merely one 
example of an ECM format. In particular, the order of the 
various blocks (7, 5, 9, 10) making up the ECM de- 
scribed in Figure 2 can be modified. 

Figure 3 represents the schematic of a user card 

so according to the prior art. 

The user card 11 contains five main circuits: 

a circuit 12 for validating the user's entitlements; 
a circuit 1 3 for storing the user's validated entitle- 
55 ments; 

a circuit 1 4 for controlling the access; 

a circuit 1 5 for validating the EC Ms; 

a circuit 27 for deciphering the enciphered control 
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words. 

Regardless of the format of the EMM (cf. Figures 
1 a and 1 b), the validation circuit 1 2 makes it possible to 
perform on the EMMs the operations mentioned earlier 
of user address recognition and analysis of the user's 
entitlements. For this purpose, the validation circuit 12 
contains the key K of the encipherment algorithm. If the 
EMM is validated, the user's entitlements contained in 
the EMM are stored in the circuit 1 3 for storing the val- 
idated entitlements. 

The circuit 15 for validating the ECMs makes it pos- 
sible to perform on the access conditions 8 contained in 
the ECMs, operations identical to those performed by 
the validation circuit 1 2 on the user's entitlements. The 
validation circuit 15 contains the key K. 

The deciphering circuit 27 makes it possible to de- 
cipher the control words. For this purpose, the decipher- 
ing circuit 27 also contains the key K of the algorithm for 
enciphering the control words. 

The access control circuit 14 compares the validat- 
ed access conditions with the validated entitlements of 
the user. If the validated access conditions correspond 
to the validated entitlements of the user, a signal S, em- 
anating from the access control circuit 14 and applied 
to the deciphering circuit 27, authorizes the deciphering 
of the enciphered control words E(Cwi) K originating from 
the validation circuit 15. In the contrary case, the signal 
S does not authorize deciphering. 

On completion of the various steps of the decipher- 
ing procedure, the deciphered control words Cwi are 
generated by the deciphering circuit 27 in such a way 
as to allow the descrambling of the scrambled item IE 
(ECG). 

As mentioned earlier, piracy in relation to a single 
user card, thereby allowing access to the key K, leads 
to destruction of the protection of the set of services sup- 
plied by the provider 

Figure 4a represents a first EMM format according 
to the invention. 

The body C3a of the user's EMM is here composed 
of four main items: 

the items 1 and 2 constituting respectively the user's 
address and the description of the user's entitle- 
ments; 

an item 16 containing the key K of the algorithm tor 
enciphering the control words; 
an item 17 containing a hash cue HASH KC . where 
KC is a different key from the key K. According to 
the preferred embodiment of the invention, the key 
KC is individual to each user and therefore different 
from one card to another. According to other em- 
bodiments, the key KC is individual to a group of 
user cards. 

Figure 4b represents a second EMM format accord- 
ing to the invention. 



The body C3b of the EMM comprises three main 
items: 



the items 1 8 and 1 9 constituting respectively the ad- 
5 dress AD of the user card and the description of the 
user's entitlements encrypted with the algorithm 
with key KC and relating to the address AD (E(us- 
er's entitlements)^ ^rj). The key KC differs from the 
key K. According to the preferred embodiment of 
10 the invention, the key KC is individual to each user 
card and therefore different from one card to anoth- 
er. According to other embodiments, the key KC is 
individual to a group of user cards. 

75 According to this EMM format, the validation and 
verification of the entitlements contained in the EMM are 
performed by the operation for deciphering the enci- 
phered entitlements. 

20 - an item 20 containing the key K for enciphering the 
control words enciphered with the algorithm with 
key KC (E(K)Kc). 

Advantageously, regardless of the format of the 
25 EMM, the key K for enciphering the control words is not 
contained in the user's card so long as the EMMs have 
not been transmitted to the user 

Figure 5 represents the schematic of a user card 
according to the invention as well as the ECMs and the 
30 EMMs according to the invention. 

The user card 21 contains five main circuits: 

a circuit 22 for validating the user's entitlements; 
a circuit 23 for storing the user's validated entitle- 
55 ments; 

a circuit 24 for controlling the access; 

a circuit 25 tor validating the ECMs; 

a circuit 26 for deciphering the enciphered control 

words. 

40 

The EMM of Figure 5 is of the type represented in 
Figure 4a. The user card according to the invention can 
however operate with EMMs such as those represented 
in Figure 4b. 

45 According to the invention, the EMMs are analysed 
with the aid of a validation algorithm controlled by the 
key KC. The key KC is contained in the validation circuit 
22. 

The ECMs are, for their part, analysed with the aid 
5o of a validation algorithm controlled by a key KSR For 
this purpose, within the framework of the invention, the 
ECMs contain an item 28 containing a cue HASH KSP 
dependent on the key KSR The key KSP is contained 
in the validation circuit 25. The key KSP differs from the 
55 key K. According to the preferred embodiment of the in- 
vention, the key KSP is individual to the service provider. 

The access control circuit 24 compares the validat- 
ed access conditions with the validated entitlements of 
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the user. 

If the validated access conditions correspond to the 
validated entitlements of the user, a signal Y(K) ema- 
nating from the access control circuit 24 and applied to 
the deciphering circuit 26 authorizes the deciphering of 
the control words. The signal Y(K) contains the key K 
so as to transmit the latter to the deciphering circuit 26. 
The enciphered control words E(Cwi) K are forwarded 
from the validation circuit 25 to the deciphering circuit 
26. The deciphering of the control words is then per- 
formed. On completion of the various steps of the deci- 
phering procedure, the deciphered control words Cwi 
are generated by the deciphering circuit 26 so as to al- 
low the descrambling of the scrambled item. 

II the validated access conditions do not correspond 
to the validated entitlements of the user, the deciphering 
of the control words is not authorized. According to the 
invention, validation of a user's entitlements is control- 
led by a key KC individual to the user or to a group of 
users. It follows that piracy in relation to a user card can 
lead only to the jeopardizing of the pirated card itself as 
well as the user cards of the same group of users if the 
key KC is shared by one and the same group ol users. 

Advantageously, all the other user cards remain 
protected. 

According to the above-described embodiment of 
the invention, the key K is the same for all the services 
supplied by the provider. The invention allows the im- 
plementation of embodiments for which the various 
services supplied by the provider are scrambled with 
control words enciphered with an algorithm whose en- 
ciphering key differs from one service to another or from 
one group of services to another. 

This is particularly advantageous in the case of sys- 
tems commonly referred to as "off-line" systems for 
which the scrambled item IE(ECG) and the ECMs are 
contained on stand-alone data media such as, for ex- 
ample, CDs ('Compact Discs" ), DVDs ('Digital Video 
Discs") or else CD-ROMs ("Compact-Disc Read Only 
Memories"). 

Advantageously piracy in relation to a user card is 
then even more devoid ol benefit than in the case in 
which all the services of the provider are scrambled with 
control words enciphered with the same key K. Thus, 
piracy in relation to a user card then leads to only very 
partial access in respect of the various services supplied 
by the provider. 

Scrambling various services, such as for example 
films, with an algorithm whose keys differ from one serv- 
ice toanother cannot be envisaged within the framework 
of prior art conditional access systems for which the key 
of the algorithm for enciphering the control words of a 
service and the key associated with the algorithm for val- 
idating the user's entitlements are identical. 

Thus, the service provider would then have to sup- 
ply each user with a card individual to each service or 
group of services. Such a proliferation of cards is unre- 
alistic, both for practical reasons and for cost reasons. 



Generally, regardless of the embodiment of the in- 
vention, that is to say whether the various services sup- 
plied by the provider are associated with a single key for 
enciphering the control words K or with different enci- 

s phering keys Kj (j = 1.2. m), the invention relates 
equally well to conditional access systems of the "off- 
line" type as to conditional access systems of the "on- 
line" type for which the scrambled item IE(ECG) is an 
item consisting of a signal dispensed simultaneously to 

10 the various customers of the service provider from a sin- 
gle source. 



Claims 



15 



1. Message (EMM) making it possible to define the en- 
titlements (2) which a user possesses to a service 
consisting of an item (IE (ECG)) scrambled with the 
aid of control words (Cwi), the said control words 

20 being supplied to the user after having been enci- 
phered by an algorithm with key K, the said mes- 
sage (EMM) containing an item making it possible 
to validate this message and to verify that the enti- 
tlements which the latter contains are the entitle- 

25 ments reserved for the user, the said item making 
it possible to validate the message and to verify the 
entitlements which the latter contains being control- 
led by a key (KC), characterized in that the message 
contains the key K of the algorithm for enciphering 

30 the control words. 

2. Message (EMM) according to Claim 1, character- 
ized in that the key (KC) controlling the item making 
it possible to validate this message and to verify the 

35 entitlements which the latter contains is different 
from the key K of the algorithm for enciphering the 
control words. 

3. Message (EMM) according to Claim t or 2, charac- 
40 terized in that the key (KC) controlling the item mak- 
ing it possible to validate this message and to verify 
the entitlements which the latter contains is individ- 
ual to each user or group of users. 

45 4. Process making it possible to descramble a scram- 
bled service (I E(ECG)) supplied to at least one user, 
the said service being scrambled with the aid of con- 
trol words (Cwi), the said process comprising a step 
making it possible to supply the user with a first 

so message (ECM) containing at least one control 
word enciphered with an algorithm with key K, a 
step making it possible to supply a second message 
(EMM) containing the entitlements of the user and 
a step making it possible to validate and verify that 

ss the entitlements contained in the second message 
(EMM) are the entitlements reserved for the user, 
characterized in that the key K is dispensed to the 
user in the second message (EMM). 
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5. Process according to Claim 4, characterized in that 
the step making it possible to validate and verify the 
entitlements contained in the second message 
(EMM) is performed with the aid of an item control- 
led by a key (KC) different from the key K. 

6. Process according to Claim 5, characterized in that 
the key (KC) used to control the item is individual to 
each user or to a group of users. 

7. Smartcard (21) making it possfole to decipher the 
enciphered control words (E(Cwi) K ) which it re- 
ceives, the said control words being enciphered by 
an algorithm with key K, and making it posstole, af- 
ter deciphering, to descramble a scrambled service 
supplied to a user, the said card comprising a circuit 
(22) for validating the entitlements of the user con- 
taining a first control key (KC) making it possible to 
control the validation of the entitlements of the user 
and a circuit (25) for validating the access condi- 
tions associated with the service supplied by the 
service provider, the said circuit (25) for validating 
the access conditions containing a second control 
key (KSP), characterized in that the first control key 
(KC) is different from the key K. 

8. Card (21) according to Claim 7, characterized in 
that the first control key (KC) is a key individual to 
the said card or to a group of cards. 

9. Card according to Claim 7 or 8. characterized in that 
the second control key (KSP) is a key individual to 
the service provider. 

10. Conditional access system allowing a service pro- 
vider to supply services only to the users who have 
acquired entitlements to these services, the said 
services consisting of an item (I E(EOG)) scrambled 
by control words (Cwi), the said system comprising, 
per user, at least one decoder and at least one user 
card (21 ), the said card containing, on the one hand, 
circuits (22, 23) making it possible to validate and 
record the entitlements of the user to the service 
delivered by the provider, the said entitlements be* 
ing conveyed to the user card by a first message 
(EMM) and, on the other hand, circuits (26) making 
it possible to retrieve the control words (Cwi) from 
the encrypted control words (E(Cwi) K ) by an algo- 
rithm with key K, the said encrypted control words 
being conveyed by a second message (ECM), char- 
acterized in that the user card (21 ) is a card accord- 
ing to any one of Claims 7 to 9 and in that the first 
message (EMM) is a message according to any one 
of Claims 1 to 3. 

11 . System according to Claim 10, characterized in that 
it is of the "on-line" type. 



12. System according to Claim 10, characterized in that 
it is of the "off-line" type. 
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